InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Sandhills Global
https://journalstar.com/news/local/ransomware-attack-affects-lincoln-based-sandhills-global-operations/article_aa844ea4-a3f1-5c63-8cae-c062e3283b8a.htmlExploit: Ransomware
Sandhills Global: IT & Digital Publishing
Risk to Business:Â 1.337 = Extreme
Digital publishing giant Sandhills Global was shut down this week by a ransomware attack. The company handles trade magazines and websites for major publications in the transportation, agricultural, aerospace, heavy machinery and technology industries. Publications that Sandhills produces include TractorHouse, Machinery Trader, Machinery Trader Auction Results, Truck Paper, RentalYard, and AuctionTime, as well as Controller, Executive Controller, and Charter Hub, are among its trade magazines. Sandhills Global’s website, as well as all of their hosted publications, went offline recently, and their phones stopped working after a successful ransomware attack purportedly by Conti. Investigation of the breach and restoration of the impacted sites is underway.
Customers Impacted:Â Unknown
How It Could Affect Your Business:Â Data is of immense value to cybercriminals in the booming dark web data markets, and by scooping it up at service providers like publishing companies they can ensure that they profit even if no ransom is paid.
Marketron
https://www.bleepingcomputer.com/news/security/marketron-marketing-services-hit-by-blackmatter-ransomware/Exploit: Ransomware
Marketron: Marketing Services Company
Risk to Business:Â 1.606=Severe
Marketron has been hit by the busy BlackMatter crew. The company provides cloud-based revenue and traffic management tools for broadcast and media organizations with an emphasis on revenue management and audience engagement. The company disclosed that it had been contacted by the Russian gang on Sunday with a ransom demand.  The attack affected the Marketron Traffic, Visual Traffic Cloud, Exchange and Advertiser Portal services. RadioTraffic and RepPak services were not hit in the attack but were taken offline in the aftermath as a precaution and authorities including the FBI were informed. The BlackMatter organization is suspected to be the new guise of DarkSide.
Customers Impacted:Â 320,000
How It Could Affect Your Business: Today’s tricky ransomware landscape holds more traps than many organizations are expecting and the damage can be widespread if an attack strikes home.
Portpass
https://www.cbc.ca/news/canada/calgary/portpass-privacy-breach-1.6191749Exploit: Misconfiguration
Portpass: COVID-19 Vaccine Passport Platform
Risk to Business:Â 1.636 = Severe
Canadian proof-of-vaccination app Portpass is having misconfiguration problems. That unfortunately led to exposed personal information for more than 650,000 registered users. CBC News reported that the problem was discovered by an anonymous tipster on its website. An investigation revealed that the company had not encrypted any of the data that it was maintaining and some could be viewed in plain text. The company claimed that the data was only exposed for a few minutes, but investigative reporting disproved that claim. The Alberta privacy commissioner’s office said in an emailed statement that it has not yet received a report and the progress of a formal investigation is unclear.
Individual Risk:Â 1.636 = Severe
A swathe of personal data was exposed on the leaky site for an estimated 650,000 users including email addresses, names, blood types, phone numbers, birthdays, as well as photos of identification like driver’s licenses and passports.
How It Could Affect Your Business:Â Cybercrime threat risk is bad enough without shooting yourself in the foot through sloppy IT practices.
United Kingdom – Giant Group
https://www.theregister.com/2021/09/28/giantpay_confirms_cyberattack/Exploit: Ransomware
Giant Group: Payroll Services Firm
Risk to Business:Â 1.713 = Severe
Giant Group, also known as Giant Pay, was hit with a suspected ransomware attack that caused its operations to grind to a halt. The payroll services company was forced to shut down its whole network, including its phone and email systems, in order to begin recovery attempts. The company noted that it was still able to pay 8,000 workers whose contract pay it handled last week, but payees are reporting widespread delays and uncertain timelines for receiving that pay. The investigation is ongoing.
Customers Impacted:Â Unknown
How It Could Affect Your Business: Cybercriminals know that they can get organizations that need to operate on tight timelines to pay ransoms and they don’t hesitate to take advantage of that fact.
France – TiteLive
https://therecord.media/ransomware-attack-disrupts-hundreds-of-bookstores-across-france-belgium-and-the-netherlands/Exploit: Ransomware
TiteLive: Bookstore Support Platform Provider
Risk to Business:Â 1.661=Severe
Bookstores across France, Belgium, and the Netherlands have had a rough week after a suspected ransomware attack crippled the IT systems of TiteLive, a French company that operates a widely used SaaS platform for book sales and inventory management. The attack caused outages of MediaLog, the company’s primary product, used by more than 1,000 bookstores, according to TiteLive’s website. An investigation and recovery are ongoing. No gang has claimed responsibility.
Customers Impacted:Â Unknown
How it Could Affect Your Business: This is a good illustration of today’s third-party/supply perils. One ransomware attack on a company like this can ripple out to impact many businesses.
Israel – E.M.I.T Aviation Consulting
Exploit:Â RansomwareE.M.I.T Aviation Consulting: Defense Aviation Consulting
Risk to Business:Â 1.699 = Severe
A ransomware attack against the Israeli firm E.M.I.T Aviation Consulting is presumed to be the work of LockBit 2.0 after the group claimed responsibility for the incident. The ransomware gang has not yet published any files or sample data as proof of the successful attack, but they’ve scheduled the countdown to the reveal to end on 10/07/21. LockBit operators recently made a splash by setting up their dedicated leak site to also promote the latest variant of their ransomware and advertise the LockBit 2.0 affiliate program after hacking-related posts were banned on a number of Russian forums.
Customers Impacted:Â Unknown
How it Could Affect Your Business: Ransomware gangs don’t just want consumer data. They’re more than happy to steal trade secrets and national security-related documents too.
New Zealand – Aquila Technology
https://securitybrief.co.nz/story/aquila-technology-customers-urged-to-change-passwords-after-data-breachExploit:Â Credential Compromise
Aquila Technology: Communications Equipment Retailer
Risk to Business:Â 1.699 = Severe
Technology retailer Aquila Technology, based in Lower Hutt, has disclosed that the company has been affected by a data breach. This breach is suspected to be the result of credential compromise. The company suggests that all customers reset their passwords immediately. Aquila Technology has formally notified the Privacy Commissioner and an investigation is underway.
Individual Risk:Â 1.699 = Severe
The company said in its statement that some customers may have had personal and credit card information compromised, but no further information was available at press time.
How it Could Affect Your Business:Â Credit card information is highly desitrable on the dark web, spurring a fresh round of attacks on retailers, es[pecially those that maintain large databases.
Japan – JVCKenwood
https://www.bleepingcomputer.com/news/security/jvckenwood-hit-by-conti-ransomware-claiming-theft-of-15tb-data/Exploit:Â Ransomware
JVCKenwood: Audio Equipment Manufacturer
Risk to Business:Â 1.699 = Severe
Conti ransomware came calling at JVCKenwood this week. The Japanese audio equipment powerhouse. The threat actors claim to have stolen 1.7 TB of data and are demanding a cool $7 million ransom in crypto. JVCKenwood disclosed that servers belonging to its sales companies in Europe were breached on September 22nd, and the threat actors may have accessed data during the attack. The extortionists published a sample of the stolen data as proof of their success, and it appears to be a scanned passport for a JVCKenwood employee.
Customers Impacted:Â Unknown
How it Could Affect Your Business:Â Big companies have big targets painted on their backs for ransomware gangs because they have deep pockets to exploit.
Sandhills Global
https://journalstar.com/news/local/ransomware-attack-affects-lincoln-based-sandhills-global-operations/article_aa844ea4-a3f1-5c63-8cae-c062e3283b8a.htmlExploit: Ransomware
Sandhills Global: IT & Digital Publishing
Risk to Business:Â 1.337 = Extreme
Digital publishing giant Sandhills Global was shut down this week by a ransomware attack. The company handles trade magazines and websites for major publications in the transportation, agricultural, aerospace, heavy machinery and technology industries. Publications that Sandhills produces include TractorHouse, Machinery Trader, Machinery Trader Auction Results, Truck Paper, RentalYard, and AuctionTime, as well as Controller, Executive Controller, and Charter Hub, are among its trade magazines. Sandhills Global’s website, as well as all of their hosted publications, went offline recently, and their phones stopped working after a successful ransomware attack purportedly by Conti. Investigation of the breach and restoration of the impacted sites is underway.
Customers Impacted:Â Unknown
How It Could Affect Your Business:Â Data is of immense value to cybercriminals in the booming dark web data markets, and by scooping it up at service providers like publishing companies they can ensure that they profit even if no ransom is paid.
Marketron
https://www.bleepingcomputer.com/news/security/marketron-marketing-services-hit-by-blackmatter-ransomware/Exploit: Ransomware
Marketron: Marketing Services Company
Risk to Business:Â 1.606=Severe
Marketron has been hit by the busy BlackMatter crew. The company provides cloud-based revenue and traffic management tools for broadcast and media organizations with an emphasis on revenue management and audience engagement. The company disclosed that it had been contacted by the Russian gang on Sunday with a ransom demand.  The attack affected the Marketron Traffic, Visual Traffic Cloud, Exchange and Advertiser Portal services. RadioTraffic and RepPak services were not hit in the attack but were taken offline in the aftermath as a precaution and authorities including the FBI were informed. The BlackMatter organization is suspected to be the new guise of DarkSide.
Customers Impacted:Â 320,000
How It Could Affect Your Business: Today’s tricky ransomware landscape holds more traps than many organizations are expecting and the damage can be widespread if an attack strikes home.
Portpass
https://www.cbc.ca/news/canada/calgary/portpass-privacy-breach-1.6191749Exploit: Misconfiguration
Portpass: COVID-19 Vaccine Passport Platform
Risk to Business:Â 1.636 = Severe
Canadian proof-of-vaccination app Portpass is having misconfiguration problems. That unfortunately led to exposed personal information for more than 650,000 registered users. CBC News reported that the problem was discovered by an anonymous tipster on its website. An investigation revealed that the company had not encrypted any of the data that it was maintaining and some could be viewed in plain text. The company claimed that the data was only exposed for a few minutes, but investigative reporting disproved that claim. The Alberta privacy commissioner’s office said in an emailed statement that it has not yet received a report and the progress of a formal investigation is unclear.
Individual Risk:Â 1.636 = Severe
A swathe of personal data was exposed on the leaky site for an estimated 650,000 users including email addresses, names, blood types, phone numbers, birthdays, as well as photos of identification like driver’s licenses and passports.
How It Could Affect Your Business:Â Cybercrime threat risk is bad enough without shooting yourself in the foot through sloppy IT practices.
United Kingdom – Giant Group
https://www.theregister.com/2021/09/28/giantpay_confirms_cyberattack/Exploit: Ransomware
Giant Group: Payroll Services Firm
Risk to Business:Â 1.713 = Severe
Giant Group, also known as Giant Pay, was hit with a suspected ransomware attack that caused its operations to grind to a halt. The payroll services company was forced to shut down its whole network, including its phone and email systems, in order to begin recovery attempts. The company noted that it was still able to pay 8,000 workers whose contract pay it handled last week, but payees are reporting widespread delays and uncertain timelines for receiving that pay. The investigation is ongoing.
Customers Impacted:Â Unknown
How It Could Affect Your Business: Cybercriminals know that they can get organizations that need to operate on tight timelines to pay ransoms and they don’t hesitate to take advantage of that fact.
France – TiteLive
https://therecord.media/ransomware-attack-disrupts-hundreds-of-bookstores-across-france-belgium-and-the-netherlands/Exploit: Ransomware
TiteLive: Bookstore Support Platform Provider
Risk to Business:Â 1.661=Severe
Bookstores across France, Belgium, and the Netherlands have had a rough week after a suspected ransomware attack crippled the IT systems of TiteLive, a French company that operates a widely used SaaS platform for book sales and inventory management. The attack caused outages of MediaLog, the company’s primary product, used by more than 1,000 bookstores, according to TiteLive’s website. An investigation and recovery are ongoing. No gang has claimed responsibility.
Customers Impacted:Â Unknown
How it Could Affect Your Business: This is a good illustration of today’s third-party/supply perils. One ransomware attack on a company like this can ripple out to impact many businesses.
Israel – E.M.I.T Aviation Consulting
Exploit:Â RansomwareE.M.I.T Aviation Consulting: Defense Aviation Consulting
Risk to Business:Â 1.699 = Severe
A ransomware attack against the Israeli firm E.M.I.T Aviation Consulting is presumed to be the work of LockBit 2.0 after the group claimed responsibility for the incident. The ransomware gang has not yet published any files or sample data as proof of the successful attack, but they’ve scheduled the countdown to the reveal to end on 10/07/21. LockBit operators recently made a splash by setting up their dedicated leak site to also promote the latest variant of their ransomware and advertise the LockBit 2.0 affiliate program after hacking-related posts were banned on a number of Russian forums.
Customers Impacted:Â Unknown
How it Could Affect Your Business: Ransomware gangs don’t just want consumer data. They’re more than happy to steal trade secrets and national security-related documents too.
New Zealand – Aquila Technology
https://securitybrief.co.nz/story/aquila-technology-customers-urged-to-change-passwords-after-data-breachExploit:Â Credential Compromise
Aquila Technology: Communications Equipment Retailer
Risk to Business:Â 1.699 = Severe
Technology retailer Aquila Technology, based in Lower Hutt, has disclosed that the company has been affected by a data breach. This breach is suspected to be the result of credential compromise. The company suggests that all customers reset their passwords immediately. Aquila Technology has formally notified the Privacy Commissioner and an investigation is underway.
Individual Risk:Â 1.699 = Severe
The company said in its statement that some customers may have had personal and credit card information compromised, but no further information was available at press time.
How it Could Affect Your Business:Â Credit card information is highly desitrable on the dark web, spurring a fresh round of attacks on retailers, es[pecially those that maintain large databases.
Japan – JVCKenwood
https://www.bleepingcomputer.com/news/security/jvckenwood-hit-by-conti-ransomware-claiming-theft-of-15tb-data/Exploit:Â Ransomware
JVCKenwood: Audio Equipment Manufacturer
Risk to Business:Â 1.699 = Severe
Conti ransomware came calling at JVCKenwood this week. The Japanese audio equipment powerhouse. The threat actors claim to have stolen 1.7 TB of data and are demanding a cool $7 million ransom in crypto. JVCKenwood disclosed that servers belonging to its sales companies in Europe were breached on September 22nd, and the threat actors may have accessed data during the attack. The extortionists published a sample of the stolen data as proof of their success, and it appears to be a scanned passport for a JVCKenwood employee.
Customers Impacted:Â Unknown
How it Could Affect Your Business:Â Big companies have big targets painted on their backs for ransomware gangs because they have deep pockets to exploit.
Think Beyond Basic Backups to Tackle Ransomware
Although ransomware has long been a serious concern for business owners all over the world, the COVID-19 pandemic has created new opportunities for this threat to flourish, and the attack vector is likely to become even more dangerous in the coming years.According to a report, 304 million ransomware attacks occurred globally in 2020, with ransomware affecting over 65% of global businesses.1 Experts suggest that this is only the tip of the iceberg. Unfortunately, even though SMBs continue to be disproportionately affected by these nefarious attacks, reporting and notifications rarely make the news.
When it comes to cybersecurity and ransomware, the biggest mistake SMBs make is assuming hackers only target large enterprises. This is why many SMBs still rely on simple backups and don't have a solid strategy in place.
The truth is that hackers are counting on smaller businesses to have fewer security measures in place, making it easier for them to get into your systems. While it’s good to have data backup, it's high time you take its security a step further.
The 3-2-1 Backup Strategy for Your Business
This is an industry best practice for reducing the risk of losing data in the event of a breach. The 3-2-1 strategy involves having at least three copies of your data, two on-site but on different mediums/devices, and one off-site. Let's examine each of the three elements and the issues they address:
Three copies of data
Two different mediums
One off-site copy
Â
In addition to the 3-2-1 backup strategy, consider applying the concept of layered security to keep your data and backup copies secure.
Importance of Layered Security in Cyber Defense
Most SMBs have an antivirus or firewall installed, but this is usually insufficient to combat today's sophisticated threat landscape, necessitating the application of a layered security approach.
Because no security technology or measure is flawless or guaranteed, layered security assumes that attackers will infiltrate different layers of an organization's defenses or have already done so. The goal of this approach is to provide multiple security measures so that if an attack gets past one security tool, there are others in place to help identify and stop the attack before your data is stolen.
The THREE ELEMENTS of layered security are:
Prevention
Detection
Response
Layered security is divided into seven layers by security experts. Hackers seeking to get into a system must break through each layer to gain access. If you want to keep cybercriminals out of your systems, concentrate on improving these seven layers:
Information security policies
Physical security
Network security
Vulnerability scanning
Strong identity and access management (IAM)
Proactive protection and reactive backup + recovery
Continual monitoring and testing
While it’s your responsibility to make sure your business doesn't get sucked into the quicksand of data loss, it's easy to become overwhelmed if you're attempting to figure out everything on your own. Working with a specialist like us provides you with the advantage of having an expert on your side. We'll make sure your backup and security postures are capable of tackling threats.
Source:
- Statista
Think Beyond Basic Backups to Tackle Ransomware
Although ransomware has long been a serious concern for business owners all over the world, the COVID-19 pandemic has created new opportunities for this threat to flourish, and the attack vector is likely to become even more dangerous in the coming years.According to a report, 304 million ransomware attacks occurred globally in 2020, with ransomware affecting over 65% of global businesses.1 Experts suggest that this is only the tip of the iceberg. Unfortunately, even though SMBs continue to be disproportionately affected by these nefarious attacks, reporting and notifications rarely make the news.
When it comes to cybersecurity and ransomware, the biggest mistake SMBs make is assuming hackers only target large enterprises. This is why many SMBs still rely on simple backups and don't have a solid strategy in place.
The truth is that hackers are counting on smaller businesses to have fewer security measures in place, making it easier for them to get into your systems. While it’s good to have data backup, it's high time you take its security a step further.
The 3-2-1 Backup Strategy for Your Business
This is an industry best practice for reducing the risk of losing data in the event of a breach. The 3-2-1 strategy involves having at least three copies of your data, two on-site but on different mediums/devices, and one off-site. Let's examine each of the three elements and the issues they address:
Three copies of data
Two different mediums
One off-site copy
Â
In addition to the 3-2-1 backup strategy, consider applying the concept of layered security to keep your data and backup copies secure.
Importance of Layered Security in Cyber Defense
Most SMBs have an antivirus or firewall installed, but this is usually insufficient to combat today's sophisticated threat landscape, necessitating the application of a layered security approach.
Because no security technology or measure is flawless or guaranteed, layered security assumes that attackers will infiltrate different layers of an organization's defenses or have already done so. The goal of this approach is to provide multiple security measures so that if an attack gets past one security tool, there are others in place to help identify and stop the attack before your data is stolen.
The THREE ELEMENTS of layered security are:
Prevention
Detection
Response
Layered security is divided into seven layers by security experts. Hackers seeking to get into a system must break through each layer to gain access. If you want to keep cybercriminals out of your systems, concentrate on improving these seven layers:
Information security policies
Physical security
Network security
Vulnerability scanning
Strong identity and access management (IAM)
Proactive protection and reactive backup + recovery
Continual monitoring and testing
While it’s your responsibility to make sure your business doesn't get sucked into the quicksand of data loss, it's easy to become overwhelmed if you're attempting to figure out everything on your own. Working with a specialist like us provides you with the advantage of having an expert on your side. We'll make sure your backup and security postures are capable of tackling threats.
Source:
- Statista
Cybersecurity: What Every Business Owner Should Know
While organizations and workers have certainly benefitted from the advancement of technology, it has also introduced an unprecedented number of cybersecurity risks. Ransomware attacks, for example, hit businesses every 11 seconds in 2021.1 Therefore, if you want your business to grow and succeed, you must understand the realities of cybersecurity.
Â
The Reality of the Current Threat Landscape
Did you know that the cost of cybercrime downtime is typically higher than a ransom?Almost every organization will encounter cybercrime at some point. It's not a question of IF, but rather WHEN it will happen. While that reality can be alarming, there’s no need to panic. There are proactive steps you can take to protect your business and achieve peace of mind. But first, let’s discuss what you need to be aware of.
Here are some of the most serious and prevalent cyberthreats facing business owners right now:
Ransomware
Phishing/Business Email Compromise (BEC)
Similarly, business email compromise (BEC) is a scam in which cybercriminals use compromised email accounts to trick victims into sending money or revealing sensitive information.
Insider Threats
Denial-of-Service/Distributed Denial-of-Service (DoS and DDoS)
If you are still unsure whether you should be concerned about these sophisticated threats or not, the following statistics may help you make up your mind:
- It takes an average of 280 days to identify and contain a breach.2
- Malicious attacks with financial motivations were responsible for 52% of breaches.2
- Personal Identifiable Information (PII) is compromised in 80% of data breaches (PII).2
Implement These Measures to Secure Your Business
Now that you know what types of cyberthreats to look out for, let’s take a look at some measures you can put in place to protect your business against cybercrimes.
Strict Password Policies/Management Tools
Strong Identity Controls - Multifactor Authentication (MFA)
Regular Risk Assessment
Virtual Private Network (VPN)
Business Continuity Strategy
Continual Security Awareness Training
If you’re ready to strengthen your cybersecurity posture but aren’t sure where to start, don’t worry. We can help your company build a digital fortress of protection solutions.
Sources:
- Cybersecurity Ventures (https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/)
- IBM Cost of Data Breach Report (https://www.ibm.com/downloads/cas/QMXVZX6R)